'\" t
.TH "SYSTEMD\-SYSTEM\&.CONF" "5" "" "systemd 257.1" "systemd-system.conf"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
systemd-system.conf, system.conf.d, systemd-user.conf, user.conf.d \- System and session service manager configuration files
.SH "SYNOPSIS"
.PP
/etc/systemd/system\&.conf,
/run/systemd/system\&.conf,
/usr/lib/systemd/system\&.conf,
/etc/systemd/system\&.conf\&.d/*\&.conf,
/run/systemd/system\&.conf\&.d/*\&.conf,
/usr/lib/systemd/system\&.conf\&.d/*\&.conf
.PP
~/\&.config/systemd/user\&.conf,
/etc/systemd/user\&.conf,
/run/systemd/user\&.conf,
/usr/lib/systemd/user\&.conf,
/etc/systemd/user\&.conf\&.d/*\&.conf,
/run/systemd/user\&.conf\&.d/*\&.conf,
/usr/lib/systemd/user\&.conf\&.d/*\&.conf
.SH "DESCRIPTION"
.PP
When run as a system instance,
\fBsystemd\fR
interprets the configuration file
system\&.conf
and the files in
system\&.conf\&.d
directories; when run as a user instance, it interprets the configuration file
user\&.conf
(in order of priority, in the home directory of the user and under
/etc/systemd/,
/run/systemd/, and
/usr/lib/systemd/) and the files in
user\&.conf\&.d
directories\&. These configuration files contain a few settings controlling basic manager operations\&.
.PP
See
\fBsystemd.syntax\fR(7)
for a general description of the syntax\&.
.SH "CONFIGURATION DIRECTORIES AND PRECEDENCE"
.PP
The default configuration is set during compilation, so configuration is only needed when it is necessary to deviate from those defaults\&. The main configuration file is loaded from one of the listed directories in order of priority, only the first file found is used:
/etc/systemd/,
/run/systemd/,
/usr/local/lib/systemd/
\&\s-2\u[1]\d\s+2,
/usr/lib/systemd/\&. The vendor version of the file contains commented out entries showing the defaults as a guide to the administrator\&. Local overrides can also be created by creating drop\-ins, as described below\&. The main configuration file can also be edited for this purpose (or a copy in
/etc/
if it\*(Aqs shipped under
/usr/), however using drop\-ins for local configuration is recommended over modifications to the main configuration file\&.
.PP
In addition to the main configuration file, drop\-in configuration snippets are read from
/usr/lib/systemd/*\&.conf\&.d/,
/usr/local/lib/systemd/*\&.conf\&.d/, and
/etc/systemd/*\&.conf\&.d/\&. Those drop\-ins have higher precedence and override the main configuration file\&. Files in the
*\&.conf\&.d/
configuration subdirectories are sorted by their filename in lexicographic order, regardless of in which of the subdirectories they reside\&. When multiple files specify the same option, for options which accept just a single value, the entry in the file sorted last takes precedence, and for options which accept a list of values, entries are collected as they occur in the sorted files\&.
.PP
When packages need to customize the configuration, they can install drop\-ins under
/usr/\&. Files in
/etc/
are reserved for the local administrator, who may use this logic to override the configuration files installed by vendor packages\&. Drop\-ins have to be used to override package drop\-ins, since the main configuration file has lower precedence\&. It is recommended to prefix all filenames in those subdirectories with a two\-digit number and a dash, to simplify the ordering\&. This also defines a concept of drop\-in priorities to allow OS vendors to ship drop\-ins within a specific range lower than the range used by users\&. This should lower the risk of package drop\-ins overriding accidentally drop\-ins defined by users\&. It is recommended to use the range 10\-40 for drop\-ins in
/usr/
and the range 60\-90 for drop\-ins in
/etc/
and
/run/, to make sure that local and transient drop\-ins take priority over drop\-ins shipped by the OS vendor\&.
.PP
To disable a configuration file supplied by the vendor, the recommended way is to place a symlink to
/dev/null
in the configuration directory in
/etc/, with the same filename as the vendor configuration file\&.
.SH "OPTIONS"
.PP
All options are configured in the [Manager] section:
.PP
\fILogColor=\fR, \fILogLevel=\fR, \fILogLocation=\fR, \fILogTarget=\fR, \fILogTime=\fR, \fIDumpCore=yes\fR, \fICrashChangeVT=no\fR, \fICrashShell=no\fR, \fICrashAction=freeze\fR, \fIShowStatus=yes\fR, \fIDefaultStandardOutput=journal\fR, \fIDefaultStandardError=inherit\fR
.RS 4
Configures various parameters of basic manager operation\&. These options may be overridden by the respective process and kernel command line arguments\&. See
\fBsystemd\fR(1)
for details\&.
.sp
Added in version 198\&.
.RE
.PP
\fICtrlAltDelBurstAction=\fR
.RS 4
Defines what action will be performed if user presses Ctrl\-Alt\-Delete more than 7 times in 2s\&. Can be set to
"reboot\-force",
"poweroff\-force",
"reboot\-immediate",
"poweroff\-immediate"
or disabled with
"none"\&. Defaults to
"reboot\-force"\&.
.sp
Added in version 232\&.
.RE
.PP
\fIStatusUnitFormat=\fR
.RS 4
Takes
\fBname\fR,
\fBdescription\fR
or
\fBcombined\fR
as the value\&. If
\fBname\fR, the system manager will use unit names in status messages (e\&.g\&.
"systemd\-journald\&.service"), instead of the longer and more informative descriptions set with
\fIDescription=\fR
(e\&.g\&.
"Journal Logging Service")\&. If
\fBcombined\fR, the system manager will use both unit names and descriptions in status messages (e\&.g\&.
"systemd\-journald\&.service \- Journal Logging Service")\&.
.sp
See
\fBsystemd.unit\fR(5)
for details about unit names and
\fIDescription=\fR\&.
.sp
Added in version 243\&.
.RE
.PP
\fIDefaultTimerAccuracySec=\fR
.RS 4
Sets the default accuracy of timer units\&. This controls the global default for the
\fIAccuracySec=\fR
setting of timer units, see
\fBsystemd.timer\fR(5)
for details\&.
\fIAccuracySec=\fR
set in individual units override the global default for the specific unit\&. Defaults to 1min\&. Note that the accuracy of timer units is also affected by the configured timer slack for PID 1, see
\fITimerSlackNSec=\fR
above\&.
.sp
Added in version 212\&.
.RE
.SH "RESOURCE MANAGEMENT"
.PP
\fITimerSlackNSec=\fR
.RS 4
Sets the timer slack in nanoseconds for PID 1, which is inherited by all executed processes, unless overridden individually, for example with the
\fITimerSlackNSec=\fR
setting in service units (for details see
\fBsystemd.exec\fR(5))\&. The timer slack controls the accuracy of wake\-ups triggered by system timers\&. See
\fBprctl\fR(2)
for more information\&. Note that in contrast to most other time span definitions this parameter takes an integer value in nano\-seconds if no unit is specified\&. The usual time units are understood too\&.
.sp
Added in version 198\&.
.RE
.PP
\fICPUAffinity=\fR
.RS 4
Configures the CPU affinity for the service manager as well as the default CPU affinity for all forked off processes\&. Takes a list of CPU indices or ranges separated by either whitespace or commas\&. CPU ranges are specified by the lower and upper CPU indices separated by a dash\&. This option may be specified more than once, in which case the specified CPU affinity masks are merged\&. If the empty string is assigned, the mask is reset, all assignments prior to this will have no effect\&. Individual services may override the CPU affinity for their processes with the
\fICPUAffinity=\fR
setting in unit files, see
\fBsystemd.exec\fR(5)\&.
.sp
Added in version 198\&.
.RE
.PP
\fINUMAPolicy=\fR
.RS 4
Configures the NUMA memory policy for the service manager and the default NUMA memory policy for all forked off processes\&. Individual services may override the default policy with the
\fINUMAPolicy=\fR
setting in unit files, see
\fBsystemd.exec\fR(5)\&.
.sp
Added in version 243\&.
.RE
.PP
\fINUMAMask=\fR
.RS 4
Configures the NUMA node mask that will be associated with the selected NUMA policy\&. Note that
\fBdefault\fR
and
\fBlocal\fR
NUMA policies don\*(Aqt require explicit NUMA node mask and value of the option can be empty\&. Similarly to
\fINUMAPolicy=\fR, value can be overridden by individual services in unit files, see
\fBsystemd.exec\fR(5)\&.
.sp
Added in version 243\&.
.RE
.PP
\fIDefaultCPUAccounting=\fR, \fIDefaultMemoryAccounting=\fR, \fIDefaultTasksAccounting=\fR, \fIDefaultIOAccounting=\fR, \fIDefaultIPAccounting=\fR
.RS 4
Configure the default resource accounting settings, as configured per\-unit by
\fICPUAccounting=\fR,
\fIMemoryAccounting=\fR,
\fITasksAccounting=\fR,
\fIIOAccounting=\fR
and
\fIIPAccounting=\fR\&. See
\fBsystemd.resource-control\fR(5)
for details on the per\-unit settings\&.
.sp
\fIDefaultCPUAccounting=\fR
defaults to yes when running on kernel ≥4\&.15, and no on older versions\&.
\fIDefaultMemoryAccounting=\fR
defaults to yes\&.
\fIDefaultTasksAccounting=\fR
defaults to yes\&. The other settings default to no\&.
.sp
Added in version 211\&.
.RE
.PP
\fIDefaultTasksMax=\fR
.RS 4
Configure the default value for the per\-unit
\fITasksMax=\fR
setting\&. See
\fBsystemd.resource-control\fR(5)
for details\&. This setting applies to all unit types that support resource control settings, with the exception of slice units\&. Defaults to 15% of the minimum of
\fIkernel\&.pid_max=\fR,
\fIkernel\&.threads\-max=\fR
and root cgroup
\fIpids\&.max\fR\&. Kernel has a default value for
\fIkernel\&.pid_max=\fR
and an algorithm of counting in case of more than 32 cores\&. For example, with the default
\fIkernel\&.pid_max=\fR,
\fIDefaultTasksMax=\fR
defaults to 4915, but might be greater in other systems or smaller in OS containers\&.
.sp
Added in version 228\&.
.RE
.PP
\fIDefaultLimitCPU=\fR, \fIDefaultLimitFSIZE=\fR, \fIDefaultLimitDATA=\fR, \fIDefaultLimitSTACK=\fR, \fIDefaultLimitCORE=\fR, \fIDefaultLimitRSS=\fR, \fIDefaultLimitNOFILE=\fR, \fIDefaultLimitAS=\fR, \fIDefaultLimitNPROC=\fR, \fIDefaultLimitMEMLOCK=\fR, \fIDefaultLimitLOCKS=\fR, \fIDefaultLimitSIGPENDING=\fR, \fIDefaultLimitMSGQUEUE=\fR, \fIDefaultLimitNICE=\fR, \fIDefaultLimitRTPRIO=\fR, \fIDefaultLimitRTTIME=\fR
.RS 4
These settings control various default resource limits for processes executed by units\&. See
\fBsetrlimit\fR(2)
for details\&. These settings may be overridden in individual units using the corresponding
\fILimitXXX=\fR
directives and they accept the same parameter syntax, see
\fBsystemd.exec\fR(5)
for details\&. Note that these resource limits are only defaults for units, they are not applied to the service manager process (i\&.e\&. PID 1) itself\&.
.sp
Most of these settings are unset, which means the resource limits are inherited from the kernel or, if invoked in a container, from the container manager\&. However, the following have defaults:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIDefaultLimitNOFILE=\fR
defaults to 1024:524288\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIDefaultLimitMEMLOCK=\fR
defaults to 8M\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fIDefaultLimitCORE=\fR
does not have a default but it is worth mentioning that
\fIRLIMIT_CORE\fR
is set to
"infinity"
by PID 1 which is inherited by its children\&.
.RE
.sp
Note that the service manager internally in PID 1 bumps
\fIRLIMIT_NOFILE\fR
and
\fIRLIMIT_MEMLOCK\fR
to higher values, however the limit is reverted to the mentioned defaults for all child processes forked off\&.
.sp
Added in version 198\&.
.RE
.PP
\fIDefaultOOMPolicy=\fR
.RS 4
Configure the default policy for reacting to processes being killed by the Linux Out\-Of\-Memory (OOM) killer or
\fBsystemd\-oomd\fR\&. This may be used to pick a global default for the per\-unit
\fIOOMPolicy=\fR
setting\&. See
\fBsystemd.service\fR(5)
for details\&. Note that this default is not used for services that have
\fIDelegate=\fR
turned on\&.
.sp
Added in version 243\&.
.RE
.PP
\fIDefaultOOMScoreAdjust=\fR
.RS 4
Configures the default OOM score adjustments of processes run by the service manager\&. This defaults to unset (meaning the forked off processes inherit the service manager\*(Aqs OOM score adjustment value), except if the service manager is run for an unprivileged user, in which case this defaults to the service manager\*(Aqs OOM adjustment value plus 100 (this makes service processes slightly more likely to be killed under memory pressure than the manager itself)\&. This may be used to pick a global default for the per\-unit
\fIOOMScoreAdjust=\fR
setting\&. See
\fBsystemd.exec\fR(5)
for details\&. Note that this setting has no effect on the OOM score adjustment value of the service manager process itself, it retains the original value set during its invocation\&.
.sp
Added in version 250\&.
.RE
.PP
\fIDefaultMemoryPressureWatch=\fR, \fIDefaultMemoryPressureThresholdSec=\fR
.RS 4
Configures the default settings for the per\-unit
\fIMemoryPressureWatch=\fR
and
\fIMemoryPressureThresholdSec=\fR
settings\&. See
\fBsystemd.resource-control\fR(5)
for details\&. Defaults to
"auto"
and
"200ms", respectively\&. This also sets the memory pressure monitoring threshold for the service manager itself\&.
.sp
Added in version 254\&.
.RE
.SH "HARDWARE WATCHDOG"
.PP
\fIRuntimeWatchdogSec=\fR, \fIRebootWatchdogSec=\fR, \fIKExecWatchdogSec=\fR
.RS 4
Configure the hardware watchdog at runtime and at reboot\&. Takes a timeout value in seconds (or in other time units if suffixed with
"ms",
"min",
"h",
"d",
"w"), or the special strings
"off"
or
"default"\&. If set to
"off"
(alternatively:
"0") the watchdog logic is disabled: no watchdog device is opened, configured, or pinged\&. If set to the special string
"default"
the watchdog is opened and pinged in regular intervals, but the timeout is not changed from the default\&. If set to any other time value the watchdog timeout is configured to the specified value (or a value close to it, depending on hardware capabilities)\&.
.sp
If
\fIRuntimeWatchdogSec=\fR
is set to a non\-zero value, the watchdog hardware (/dev/watchdog0
or the path specified with
\fIWatchdogDevice=\fR
or the kernel option
\fIsystemd\&.watchdog\-device=\fR) will be programmed to automatically reboot the system if it is not contacted within the specified timeout interval\&. The system manager will ensure to contact it at least once in half the specified timeout interval\&. This feature requires a hardware watchdog device to be present, as it is commonly the case in embedded and server systems\&. Not all hardware watchdogs allow configuration of all possible reboot timeout values, in which case the closest available timeout is picked\&.
.sp
\fIRebootWatchdogSec=\fR
may be used to configure the hardware watchdog when the system is asked to reboot\&. It works as a safety net to ensure that the reboot takes place even if a clean reboot attempt times out\&. Note that the
\fIRebootWatchdogSec=\fR
timeout applies only to the second phase of the reboot, i\&.e\&. after all regular services are already terminated, and after the system and service manager process (PID 1) got replaced by the
systemd\-shutdown
binary, see system
\fBbootup\fR(7)
for details\&. During the first phase of the shutdown operation the system and service manager remains running and hence
\fIRuntimeWatchdogSec=\fR
is still honoured\&. In order to define a timeout on this first phase of system shutdown, configure
\fIJobTimeoutSec=\fR
and
\fIJobTimeoutAction=\fR
in the [Unit] section of the
shutdown\&.target
unit\&. By default
\fIRuntimeWatchdogSec=\fR
defaults to 0 (off), and
\fIRebootWatchdogSec=\fR
to 10min\&.
.sp
\fIKExecWatchdogSec=\fR
may be used to additionally enable the watchdog when kexec is being executed rather than when rebooting\&. Note that if the kernel does not reset the watchdog on kexec (depending on the specific hardware and/or driver), in this case the watchdog might not get disabled after kexec succeeds and thus the system might get rebooted, unless
\fIRuntimeWatchdogSec=\fR
is also enabled at the same time\&. For this reason it is recommended to enable
\fIKExecWatchdogSec=\fR
only if
\fIRuntimeWatchdogSec=\fR
is also enabled\&.
.sp
These settings have no effect if a hardware watchdog is not available\&.
.sp
Added in version 198\&.
.RE
.PP
\fIRuntimeWatchdogPreSec=\fR
.RS 4
Configure the hardware watchdog device pre\-timeout value\&. Takes a timeout value in seconds (or in other time units similar to
\fIRuntimeWatchdogSec=\fR)\&. A watchdog pre\-timeout is a notification generated by the watchdog before the watchdog reset might occur in the event the watchdog has not been serviced\&. This notification is handled by the kernel and can be configured to take an action (i\&.e\&. generate a kernel panic) using
\fIRuntimeWatchdogPreGovernor=\fR\&. Not all watchdog hardware or drivers support generating a pre\-timeout and depending on the state of the system, the kernel may be unable to take the configured action before the watchdog reboot\&. The watchdog will be configured to generate the pre\-timeout event at the amount of time specified by
\fIRuntimeWatchdogPreSec=\fR
before the runtime watchdog timeout (set by
\fIRuntimeWatchdogSec=\fR)\&. For example, if the we have
\fIRuntimeWatchdogSec=30\fR
and
\fIRuntimeWatchdogPreSec=10\fR, then the pre\-timeout event will occur if the watchdog has not pinged for 20s (10s before the watchdog would fire)\&. By default,
\fIRuntimeWatchdogPreSec=\fR
defaults to 0 (off)\&. The value set for
\fIRuntimeWatchdogPreSec=\fR
must be smaller than the timeout value for
\fIRuntimeWatchdogSec=\fR\&. This setting has no effect if a hardware watchdog is not available or the hardware watchdog does not support a pre\-timeout and will be ignored by the kernel if the setting is greater than the actual watchdog timeout\&.
.sp
Added in version 251\&.
.RE
.PP
\fIRuntimeWatchdogPreGovernor=\fR
.RS 4
Configure the action taken by the hardware watchdog device when the pre\-timeout expires\&. The default action for the pre\-timeout event depends on the kernel configuration, but it is usually to log a kernel message\&. For a list of valid actions available for a given watchdog device, check the content of the
/sys/class/watchdog/watchdog\fIX\fR/pretimeout_available_governors
file\&. Typically, available governor types are
\fInoop\fR
and
\fIpanic\fR\&. Availability, names and functionality might vary depending on the specific device driver in use\&. If the
pretimeout_available_governors
sysfs file is empty, the governor might be built as a kernel module and might need to be manually loaded (e\&.g\&.
\fIpretimeout_noop\&.ko\fR), or the watchdog device might not support pre\-timeouts\&.
.sp
Added in version 251\&.
.RE
.PP
\fIWatchdogDevice=\fR
.RS 4
Configure the hardware watchdog device that the runtime and shutdown watchdog timers will open and use\&. Defaults to
/dev/watchdog0\&. This setting has no effect if a hardware watchdog is not available\&.
.sp
Added in version 236\&.
.RE
.SH "SECURITY"
.PP
\fICapabilityBoundingSet=\fR
.RS 4
Controls which capabilities to include in the capability bounding set for PID 1 and its children\&. See
\fBcapabilities\fR(7)
for details\&. Takes a whitespace\-separated list of capability names as read by
\fBcap_from_name\fR(3)\&. Capabilities listed will be included in the bounding set, all others are removed\&. If the list of capabilities is prefixed with ~, all but the listed capabilities will be included, the effect of the assignment inverted\&. Note that this option also affects the respective capabilities in the effective, permitted and inheritable capability sets\&. The capability bounding set may also be individually configured for units using the
\fICapabilityBoundingSet=\fR
directive for units, but note that capabilities dropped for PID 1 cannot be regained in individual units, they are lost for good\&.
.sp
Added in version 198\&.
.RE
.PP
\fINoNewPrivileges=\fR
.RS 4
Takes a boolean argument\&. If true, ensures that PID 1 and all its children can never gain new privileges through
\fBexecve\fR(2)
(e\&.g\&. via setuid or setgid bits, or filesystem capabilities)\&. Defaults to false\&. General purpose distributions commonly rely on executables with setuid or setgid bits and will thus not function properly with this option enabled\&. Individual units cannot disable this option\&. Also see
\m[blue]\fBNo New Privileges Flag\fR\m[]\&\s-2\u[2]\d\s+2\&.
.sp
Added in version 239\&.
.RE
.PP
\fIProtectSystem=\fR
.RS 4
Takes a boolean argument or the string
"auto"\&. If set to true this will remount
/usr/
read\-only\&. If set to
"auto"
(the default) and running in an initrd equivalent to true, otherwise false\&. This implements a restricted subset of the per\-unit setting of the same name, see
\fBsystemd.exec\fR(5)
for details: currently, the
"full"
or
"strict"
values are not supported\&.
.sp
Added in version 256\&.
.RE
.PP
\fISystemCallArchitectures=\fR
.RS 4
Takes a space\-separated list of architecture identifiers\&. Selects from which architectures system calls may be invoked on this system\&. This may be used as an effective way to disable invocation of non\-native binaries system\-wide, for example to prohibit execution of 32\-bit x86 binaries on 64\-bit x86\-64 systems\&. This option operates system\-wide, and acts similar to the
\fISystemCallArchitectures=\fR
setting of unit files, see
\fBsystemd.exec\fR(5)
for details\&. This setting defaults to the empty list, in which case no filtering of system calls based on architecture is applied\&. Known architecture identifiers are
"x86",
"x86\-64",
"x32",
"arm"
and the special identifier
"native"\&. The latter implicitly maps to the native architecture of the system (or more specifically, the architecture the system manager was compiled for)\&. Set this setting to
"native"
to prohibit execution of any non\-native binaries\&. When a binary executes a system call of an architecture that is not listed in this setting, it will be immediately terminated with the SIGSYS signal\&.
.sp
Added in version 209\&.
.RE
.PP
\fIDefaultSmackProcessLabel=\fR
.RS 4
Takes a
\fBSMACK64\fR
security label as the argument\&. The process executed by a unit will be started under this label if
\fISmackProcessLabel=\fR
is not set in the unit\&. See
\fBsystemd.exec\fR(5)
for the details\&.
.sp
If the value is
"/", only labels specified with
\fISmackProcessLabel=\fR
are assigned and the compile\-time default is ignored\&.
.sp
Added in version 252\&.
.RE
.SH "TIMEOUTS AND RATE LIMITS"
.PP
\fIDefaultTimeoutStartSec=\fR, \fIDefaultTimeoutStopSec=\fR, \fIDefaultTimeoutAbortSec=\fR, \fIDefaultRestartSec=\fR
.RS 4
Configures the default timeouts for starting, stopping and aborting of units, as well as the default time to sleep between automatic restarts of units, as configured per\-unit in
\fITimeoutStartSec=\fR,
\fITimeoutStopSec=\fR,
\fITimeoutAbortSec=\fR
and
\fIRestartSec=\fR
(for services, see
\fBsystemd.service\fR(5)
for details on the per\-unit settings)\&. For non\-service units,
\fIDefaultTimeoutStartSec=\fR
sets the default
\fITimeoutSec=\fR
value\&.
.sp
\fIDefaultTimeoutStartSec=\fR
and
\fIDefaultTimeoutStopSec=\fR
default to 90 s in the system manager and 90 s in the user manager\&.
\fIDefaultTimeoutAbortSec=\fR
is not set by default so that all units fall back to
\fITimeoutStopSec=\fR\&.
\fIDefaultRestartSec=\fR
defaults to 100 ms\&.
.sp
Added in version 209\&.
.RE
.PP
\fIDefaultDeviceTimeoutSec=\fR
.RS 4
Configures the default timeout for waiting for devices\&. It can be changed per device via the
\fIx\-systemd\&.device\-timeout=\fR
option in
/etc/fstab
and
/etc/crypttab
(see
\fBsystemd.mount\fR(5),
\fBcrypttab\fR(5))\&. Defaults to 90 s in the system manager and 90 s in the user manager\&.
.sp
Added in version 252\&.
.RE
.PP
\fIDefaultStartLimitIntervalSec=\fR, \fIDefaultStartLimitBurst=\fR
.RS 4
Configure the default unit start rate limiting, as configured per\-service by
\fIStartLimitIntervalSec=\fR
and
\fIStartLimitBurst=\fR\&. See
\fBsystemd.service\fR(5)
for details on the per\-service settings\&.
\fIDefaultStartLimitIntervalSec=\fR
defaults to 10s\&.
\fIDefaultStartLimitBurst=\fR
defaults to 5\&.
.sp
Added in version 209\&.
.RE
.PP
\fIReloadLimitIntervalSec=\fR, \fIReloadLimitBurst=\fR
.RS 4
Rate limiting for daemon\-reload and (since v256) daemon\-reexec requests\&. The setting applies to both operations, but the rate limits are tracked separately\&. Defaults to unset, and any number of operations can be requested at any time\&.
\fIReloadLimitIntervalSec=\fR
takes a value in seconds to configure the rate limit window, and
\fIReloadLimitBurst=\fR
takes a positive integer to configure the maximum allowed number of operations within the configured time window\&.
.sp
Added in version 253\&.
.RE
.SH "ENVIRONMENT"
.PP
\fIManagerEnvironment=\fR
.RS 4
Takes the same arguments as
\fIDefaultEnvironment=\fR, see above\&. Sets environment variables for the manager process itself\&. These variables are inherited by processes spawned by user managers, but not the system manager \- use
\fIDefaultEnvironment=\fR
for that\&. Note that these variables are merged into the existing environment block\&. In particular, in case of the system manager, this includes variables set by the kernel based on the kernel command line\&. As with
\fIDefaultEnvironment=\fR, this environment block is internal, and changes are not reflected in the manager\*(Aqs
/proc/PID/environ\&.
.sp
Setting environment variables for the manager process may be useful to modify its behaviour\&. See
\m[blue]\fBKnown Environment Variables\fR\m[]\&\s-2\u[3]\d\s+2
for a descriptions of some variables understood by
\fBsystemd\fR\&.
.sp
Simple
"%"\-specifier expansion is supported, see below for a list of supported specifiers\&.
.sp
Added in version 248\&.
.RE
.PP
\fIDefaultEnvironment=\fR
.RS 4
Configures environment variables passed to all executed processes\&. Takes a space\-separated list of variable assignments\&. See
\fBenviron\fR(7)
for details about environment variables\&.
.sp
Simple
"%"\-specifier expansion is supported, see below for a list of supported specifiers\&.
.sp
Example:
.sp
.if n \{\
.RS 4
.\}
.nf
DefaultEnvironment="VAR1=word1 word2" VAR2=word3 "VAR3=word 5 6"
.fi
.if n \{\
.RE
.\}
.sp
Sets three variables
"VAR1",
"VAR2",
"VAR3"\&.
.sp
Added in version 205\&.
.RE
.SH "SPECIFIERS"
.PP
Specifiers may be used in the
\fIDefaultEnvironment=\fR
and
\fIManagerEnvironment=\fR
settings\&. The following expansions are understood:
.sp
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.B Table\ \&1.\ \&Specifiers available
.TS
allbox tab(:);
lB lB lB.
T{
Specifier
T}:T{
Meaning
T}:T{
Details
T}
.T&
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l
l l l.
T{
"%a"
T}:T{
Architecture
T}:T{
A short string identifying the architecture of the local system\&. A string such as \fBx86\fR, \fBx86\-64\fR or \fBarm64\fR\&. See the architectures defined for \fIConditionArchitecture=\fR in \fBsystemd.unit\fR(5) for a full list\&.
T}
T{
"%A"
T}:T{
Operating system image version
T}:T{
The operating system image version identifier of the running system, as read from the \fIIMAGE_VERSION=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&.
T}
T{
"%b"
T}:T{
Boot ID
T}:T{
The boot ID of the running system, formatted as string\&. See \fBrandom\fR(4) for more information\&.
T}
T{
"%B"
T}:T{
Operating system build ID
T}:T{
The operating system build identifier of the running system, as read from the \fIBUILD_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&.
T}
T{
"%H"
T}:T{
Host name
T}:T{
The hostname of the running system\&.
T}
T{
"%l"
T}:T{
Short host name
T}:T{
The hostname of the running system, truncated at the first dot to remove any domain component\&.
T}
T{
"%m"
T}:T{
Machine ID
T}:T{
The machine ID of the running system, formatted as string\&. See \fBmachine-id\fR(5) for more information\&.
T}
T{
"%M"
T}:T{
Operating system image identifier
T}:T{
The operating system image identifier of the running system, as read from the \fIIMAGE_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&.
T}
T{
"%o"
T}:T{
Operating system ID
T}:T{
The operating system identifier of the running system, as read from the \fIID=\fR field of /etc/os\-release\&. See \fBos-release\fR(5) for more information\&.
T}
T{
"%v"
T}:T{
Kernel release
T}:T{
Identical to \fBuname \-r\fR output\&.
T}
T{
"%w"
T}:T{
Operating system version ID
T}:T{
The operating system version identifier of the running system, as read from the \fIVERSION_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&.
T}
T{
"%W"
T}:T{
Operating system variant ID
T}:T{
The operating system variant identifier of the running system, as read from the \fIVARIANT_ID=\fR field of /etc/os\-release\&. If not set, resolves to an empty string\&. See \fBos-release\fR(5) for more information\&.
T}
T{
"%T"
T}:T{
Directory for temporary files
T}:T{
This is either /tmp or the path "$TMPDIR", "$TEMP" or "$TMP" are set to\&. (Note that the directory may be specified without a trailing slash\&.)
T}
T{
"%V"
T}:T{
Directory for larger and persistent temporary files
T}:T{
This is either /var/tmp or the path "$TMPDIR", "$TEMP" or "$TMP" are set to\&. (Note that the directory may be specified without a trailing slash\&.)
T}
T{
"%h"
T}:T{
User home directory
T}:T{
This is the home directory of the \fIuser running the service manager instance\fR\&.
T}
T{
"%u"
T}:T{
Username
T}:T{
This is the username of the \fIuser running the service manager instance\fR\&.
T}
T{
"%U"
T}:T{
User id
T}:T{
This is the user id of the \fIuser running the service manager instance\fR\&.
T}
T{
"%g"
T}:T{
Primary group
T}:T{
This is the primary group of the \fIuser running the service manager instance\fR\&.
T}
T{
"%G"
T}:T{
Primary group id
T}:T{
This is the primary group id of the \fIuser running the service manager instance\fR\&.
T}
T{
"%s"
T}:T{
User shell
T}:T{
This is the shell of the \fIuser running the service manager instance\fR\&.
T}
T{
"%%"
T}:T{
Single percent sign
T}:T{
Use "%%" in place of "%" to specify a single percent sign\&.
T}
.TE
.sp 1
.SH "HISTORY"
.PP
systemd 252
.RS 4
Option
\fIDefaultBlockIOAccounting=\fR
was deprecated\&. Please switch to the unified cgroup hierarchy\&.
.sp
Added in version 252\&.
.RE
.SH "SEE ALSO"
.PP
\fBsystemd\fR(1), \fBsystemd.directives\fR(7), \fBsystemd.exec\fR(5), \fBsystemd.service\fR(5), \fBenviron\fR(7), \fBcapabilities\fR(7)
.SH "NOTES"
.IP " 1." 4
💣💥🧨💥💥💣 Please note that those configuration files must be available at all times. If
/usr/local/
is a separate partition, it may not be available during early boot, and must not be used for configuration.
.IP " 2." 4
No New Privileges Flag
.RS 4
\%https://docs.kernel.org/userspace-api/no_new_privs.html
.RE
.IP " 3." 4
Known Environment Variables
.RS 4
\%https://systemd.io/ENVIRONMENT
.RE
